• about

• process

• case studies

• contact

Problem

Complexity

I had observed anecdotally that our system was very difficult to understand and use. The most problematic area seemed to be Access Management. The set of settings and policies that governed how resources were protected and accessed spanned 13 pages across 3 different areas of the nav.

Old UI

Most of the pages looked something like this

Understand customers better

I knew that I didn't know enough to define a clear problem statment, let alone propose solutions. I needed to learn more about how customers thought and worked. I set a goal to better understand customers' goals and internal processes as well as their biggest pain points in using our existing product for Access Management.

Process

Research

With another designer and a researcher, I began a generative research process.

• Interviewed customers
• Interviewed customer-facing employees
• Performed competitive analysis of similar products

What we learned

We learned that customers primarily care about security level and user friction. Neither was currently easy for them to control.

• Customers spent a lot of time learning how our system worked.
• They spent a lot of time trying to understand which settings would cause the outcome they wanted.
• It was really difficult for them to check that the settings would have the intended effect before rolling them out in production.

Impact

This was problematic because a mistaken setting could open up unauthorized access to protected personal data, corporate confidential data, or critical company infrastructure. It could also block authorized access, preventing all of a company's customers from interacting with their products or preventing all of a company's employees from being able to work.

According to account managers, this was decreasing feature adoption and customer sentiment.

Getting buy-in

My design partner and I presented these findings to Product team leadership. We got buy-in that there was a problem and we were given resources to find a solution and make a proposal.

We wanted to include broad expertise and build cross-functional buy-in. To do this, we led a series of design workshop sessions with stakeholders from 6 functional areas. With this group, we arrived at a set of strategies and a set of tactics for achieving them:

Strategy 1:

Reduce risk

• Testing tools
• Version control

Strategy 2:

More intuitive setttings

• Put all the settings in one place
• Present settings in terms of customer goals

Strategy 3:

Be a trusted advisor

• Strong defaults that match primary usecases
• Built in explanations and guidance

User reactions

We had put the resulting design through 6 rounds of user testing including both customers and non-customers across our primary customer segments.

• “I like that a lot”
• “This is much better than [competitor product]. This is exactly what I would like to see.”
• “Oh my god. Yes. Please give me this.”
• “I wish we had something like that now, because it's very difficult to test all the outcomes.”
• “I almost cried when I saw it”

Solution

Implementation plan

The solution was a comprehensive 3 year vision. It updated all of the settings for Access Management, addressing all 3 of the strategies (and all 6 tactics) outlined above. It also included incremental steps for achieving the vision.

The story we told and the videos we made of customer reactions were compelling. We were able to get a v1 added to the proper teams' roadmaps immediately. This includes a basic testing tool and a landing page that centralizes the navigation for Access Management. Then we began working with the Admin Experience team to design UI components and guidelines to enable other feature teams to add similar guidance and defaults across the product.

Reduce Risk – Testing

A testing tool shows all the system behavior outcomes and links off to the specific settings causing them. It also shows the resulting user experience for each state in an interactive sandbox.

In addition, we built in a testing mode to every setting.

In test mode, all changes are staged and tested before being deployed.

Settings in one place

We made a landing page that centralized all the Access Management settings and showed their relationships to each other in terms of customer goals.

In each location, we surfaced and linked to the relevant related information. Here, a protected resource shows how all the high level system functions relate to it.

Clicking into the Access function, all the important settings impacting this resource are shown and linked.

Settings focus on customer outcomes

All settings are now in written in terms of the primary customer outcomes: security and UX. In this setting, each radio option shows both its security impact (which factor types would be required) and its UX impact (which authenticators a user can authenticate with).

Good defaults

Built in defaults provide a lot of benefits.

• Defaults provide a working product from day 1. Customers can configure the settings they care about and can safely ignore everything else.
• Defaults serve as examples that teach customers how to use the product.
• Smart, extensible defaults provide a strong starting point for further customization.

Defaults in action

Here, an instance starts with two default policies. A customer can easily pick the one they want for their first protected resource without having to dive in to the complexity of managing policies.

Built-in guidance

Built in guidance helps customers make informed and confident decisions. Here, the authenticators page helps admins understand the best framework for thinking about authenticators. Additionally, each authenticator provides guidance on the level of security and ease of use it provides.